Storage Device Access Using Unprivileged Software Code

ABSTRACT

The subject disclosure is directed towards establishing more direct access to a storage device from unprivileged code. Using a storage infrastructure mechanism to discover and enumerate storage architecture component(s), a user mode application requests at least one portion of the storage device to store application-related data. The storage infrastructure mechanism determines whether the application is authorized to access the storage device and if satisfied, the storage infrastructure mechanism configures at least one path for performing block-level input/output between the storage device and an unprivileged storage architecture component.

BACKGROUND

Computer technology consumers utilize various types of storagetechnologies to retain files that store financial records, documents,photos and other data. The storage systems may move, modify, add ordelete data, on behalf of these consumers, as directed by variousunprivileged mode software programs (e.g., commonly known asapplications). To satisfy consumer demands with respect to latency andefficiency, these storage systems consume a considerable share ofavailable computing resources, including storage space capacities,processing threads, operating system components and/or the like. Thisshare of resources, in addition to reading/writing data, employs variousaccess control mechanisms to synchronize data between threads andmaintain consistency amongst variables (e.g., global variables).

A typical storage vendor supplies device-specific software programs thatare configured to facilitate the above mentioned control mechanisms aswell as perform block-level addressing. These programs run in privilegedmode and are commonly known as device drivers. Each device-specificsoftware program, when executed and combined with other privileged modedrivers, collectively function as storage architecture (e.g., a stack ofkernel mode drivers and/or compatible storage hardware components). Theunprivileged software programs mentioned above utilize this architectureto perform various data storage/retrieval tasks, such as reading/writingdata. In the current state of the art, these tasks often result inreduced input/output bandwidth and increased response latency because ofthe reasons explained below.

Mainly due to overhead caused by some storage architecture components,it is becoming more difficult for current storage devices to handle theincreasing loads of input/output requests. These storage architecturecomponents may be unrelated to successfully completing certain datastorage/retrieval tasks, but these components are executed anyway, whichresults in considerable processor overhead. High input/output loads areother example situations that cause in a noticeable level of overhead.As another example, executing the data storage/retrieval tasks also canstrain a processor already burdened with a considerable number of othertasks. The processor can be further burdened with context switches(e.g., changing program state) when the operating system handles filesystem operations asynchronously. Because of at least these reasons, thestorage architecture described above is limited with respect toinput/output efficiency.

SUMMARY

This Summary is provided to introduce a selection of representativeconcepts in a simplified form that are further described below in theDetailed Description. This Summary is not intended to identify keyfeatures or essential features of the claimed subject matter, nor is itintended to be used in any way that would limit the scope of the claimedsubject matter.

Briefly, various aspects of the subject matter described herein aredirected towards storage architecture configured to input/output variousdata based in part upon unprivileged code. In one aspect, one or moresoftware programs implementing at least a portion of the storagearchitecture and running as unprivileged code may facilitateinput/output activity between a storage device and another program. Theinput/output activity may involve storing data in and/or retrieving datafrom non-volatile memory. Because regions within the non-volatile memoryare mapped onto an address space allocated to the other program, the oneor more unprivileged software programs may directly or indirectlyinput/output data to/from the storage device. In one aspect, theprovider-based storage architecture differs from existing privilegedstorage software stacks by minimizing/eliminating privileged softwarecode from being executed during the input/output activity. Theprovider-based storage architecture may generate an input/output paththat bypasses at least a portion of the privileged software code.

In one aspect, the provider-based storage architecture exposes aphysical/virtual storage device, or a portion thereof, to a user modesoftware program/application such that regions of the storage device maybe accessed directly from the user mode. In one aspect, theprovider-based storage architecture may utilize a minimal amount ofprivileged software code, including any software program associated withdevice setup/management. In another aspect, some or all of theprivileged software code may be eliminated, such as on an I/O-intensivepath to reduce response latency.

In one aspect, the provider-based storage architecture may be adaptedfor different storage device classes, such as processor-inaccessible andprocessor-accessible storage devices. In one aspect, input/outputfunctionality for new and/or future storage technology may beimplemented in one or more vendor-supplied software programs. When theapplication desires to access stored data in a corresponding storagedevice, these software programs may be loaded into the provider-basedstorage architecture.

Other advantages may become apparent from the following detaileddescription when taken in conjunction with the drawings.

BRIEF DESCRIPTION OF THE DRAWINGS

The present invention is illustrated by way of example and not limitedin the accompanying figures in which like reference numerals indicatesimilar elements and in which:

FIG. 1 is a block diagram illustrating an example system for performinginput/output activity according to one example implementation.

FIG. 2 is a block diagram illustrating an example storage architectureaccording to one example implementation.

FIG. 3 is a flow diagram illustrating example steps for establishingaccess to a storage device for an application according to one exampleimplementation.

FIG. 4 is a flow diagram illustrating example steps for performinginput/output activity on behalf of an application according to oneexample implementation.

FIG. 5 is a block diagram representing example non-limiting networkedenvironments in which various embodiments described herein can beimplemented.

FIG. 6 is a block diagram representing an example non-limiting computingsystem or operating environment in which one or more aspects of variousembodiments described herein can be implemented.

DETAILED DESCRIPTION

Various aspects of the technology described herein are generallydirected towards establishing access to a storage device via anunprivileged storage architecture component. In one embodiment, acomputing device may implement a storage infrastructure mechanism toestablish direct access, via a processor, or indirect access, via amemory buffer (e.g., a user mode buffer), to a portion of the storagedevice. By comparing provider-based storage policy information withrequest data from the unprivileged storage architecture component, asinstructed by other unprivileged code (e.g., a running application), thestorage infrastructure mechanism may identify one or more components ofthe storage architecture to load and execute. One example implementationof the storage infrastructure mechanism may load the unprivilegedstorage architecture component and/or initiate block-level input/outputactivity on behalf of the other unprivileged code.

The request data also may define at least one portion (e.g., a regionsize and offset) of the storage device to allocate for storingapplication-related data. If the request data satisfies each conditionoutlined by the policy information, the storage infrastructure mechanismconfigures at least one path through which the unprivileged storagearchitecture component and/or the storage device conduct input/outputactivity. For example, the storage infrastructure mechanism may beconfigured to map regions of the storage device to corresponding regionsof memory within the computing device. In one example implementation,the unprivileged storage architecture component may directly address themapped storage device regions while remaining in user mode. Hence, eachmapping may represent a logical, if not physical, connection or path toone or more storage device regions that enables block-levelinput/output.

One example storage infrastructure mechanism may include a softwareprogram (e.g., commonly known as a driver) running as privileged code inthe storage architecture. The storage infrastructure mechanism mayexamine a discovery request from an application and based upon thatrequest, may verify the application and authorize access to a storagedevice e.g., a hardware-accelerated storage device) according to oneexample embodiment. The discovery request may specify a size (e.g., inbytes) of one or more regions of the storage device to be allocated withrespect to the input/output activity on the application-related data.The storage infrastructure mechanism may perform addressing of theseregions to substantially match a virtual address space associated withthe application-related data, which effectively communicably couples theregions with the unprivileged storage architecture component.

In one example implementation, the unprivileged storage architecturecomponent may generate an interface having an asynchronous and/or asynchronous mode. The synchronous mode may be more appropriate forlow-latency, high-throughput devices, for example. On the other hand,because costs related to context switching often become non-trivial, theasynchronous input/output mode may be utilized for large-scaleprocessing jobs to substantially reduce or eliminate such costs.

It should be understood that any of the examples herein arenon-limiting. As such, the present invention is not limited to anyparticular embodiments, aspects, concepts, structures, functionalitiesor examples described herein. Rather, any of the embodiments, aspects,concepts, structures, functionalities or examples described herein arenon-limiting, and the present invention may be used in various ways thatprovide benefits and advantages in computing and data storage ingeneral.

FIG. 1 is a block diagram illustrating an example system for variousinput/output activity according to one example implementation. One ormore example components of such a system may include a computing device102, which may be communicably coupled with a plurality of storagedevices 104. It is appreciated that other example implementations mayutilize a single storage device instead of the plurality of storagedevices 104 (illustrated as a storage device 104 ₁ . . . a storagedevice 104 _(N) and hereinafter referred to as the storage devices 104).A device vendor may configure at least one of the example storagedevices, such as the storage device 104 ₁, to operate with one or morecomponents 106 of optimized storage architecture.

The computing device 102 may include one or more applications 108(depicted as “application(s)” in FIG. 1), for example, software programsthat run as unprivileged code and desire access to stored data withinthe storage device 104 ₁. An example application 108 may be a user mode,commercially known software program, such as a database application, ahigh-performance server application, a cloud computing component, acluster management/security application and/or the like. In response toinstructions from the one or more applications 108, a storageinfrastructure mechanism 110 may load the storage architecturecomponent(s) 106 and establish access to stored data. On behalf of theone or more applications 108, an example embodiment may facilitate datastorage/retrieval with a processor-accessible storage device to whichthe storage architecture component(s) 106 may read/write data through anappropriate communication channel.

According to one example implementation, the policy information 112 maybe used to set up and establish access to the storage device 104 ₁. Thestorage infrastructure mechanism 110 may receive request data 114 froman example user mode program and store one or more parameters (e.g.,Global Unique Identifier (GUIDs)) specifying which storage regions(e.g., partitions or raw table data) can be organized and represented asa database volume. For example, the storage infrastructure mechanism 110may select such a database volume by matching a GUID stored in therequest data 114 with one or more registered GUIDs. Furthermore, thestorage infrastructure mechanism 110 may compare the GUID for thedesired database volume with a security policy to determine whether thedatabase application is authorized to access the database volume.Optionally, the storage infrastructure mechanism 110 may configure thestorage architecture components 106 to present a file system structurerepresenting the desired database volume. The storage infrastructuremechanism 110 maps portions of the desired database volume toapplication-related data 116 in unprivileged (e.g., user mode) addressspace. These portions may be non-volatile regions within the storagedevice 104 ₁. One of the benefits of mapping one or more regions to theapplication-related data 116 may include enabling direct access to thedesired database volume for an unprivileged component of the storagearchitecture components 106.

One example embodiment of the application 108 may be a high-performanceserver application that utilizes the storage architecture component(s)106 when reading/writing data to a low-level block storage device,instead of an operating system privileged mode driver (e.g., a filesystem or volume driver) and/or a privileged mode cache (e.g., a kerneldata cache), when reading/writing data to a low-level block storagedevice. To this end, the high-performance server application may bepermitted access rights to the low-level block device, via the one ormore storage architecture components 106, such that the high-performanceserver application may more directly manage the input/output activity ata block level (e.g., data sector level) while reducing or eliminatingoverhead from running privileged (e.g., kernel mode) software programs.In one example implementation, the high performance server applicationmay perform indexing jobs on a data volume. The high performance serverapplication may perform read ahead caching on a sequential storagedevice (e.g., a magnetic tape library, a flash storage device and/or thelike).

Another example implementation comprises a database application thatdesires access to the storage device 104 ₁. The storage infrastructuremechanism 110 may use various policy information 112 (e.g., securitypolicies, access control policies, setup policies, load balancingpolicies and/or the like) when verifying the database application. Afterauthorizing the database application to access the storage device 104 ₁,the database application may prompt the storage infrastructure mechanism110 to invoke a discovery process during which the storageinfrastructure mechanism 110 may enumerate the plurality of storagedevices 104, identify one of the storage devices 104 (e.g., the storagedevice 104 ₁) to be a suitable storage device and load a privilegedstorage architecture component associated with the suitable storagedevice.

FIG. 2 is a block diagram illustrating an example storage architectureaccording to one example implementation. The example storagearchitecture may span different privilege levels/modes, including whatis commonly known as a user mode, a kernel mode and a hardware mode, asillustrated in FIG. 2. One or more components of the storagearchitecture provide an application 202 with access to stored data, inregions of non-volatile memory 204, on which input/output may beperformed. The application 202 may directly address such regions if thenon-volatile memory 204 is processor-accessible. As an alternative, theapplication 202 may indirectly access such regions through a user modebuffer in which after input/output activity execution, each modifieddata block may be written from the user mode buffer to the non-volatilememory 204.

The storage architecture may include a device stack comprising kernelmode software code (e.g., miniport drivers and/or the like) and/orhardware mode software code (e.g., a storage device subsystem). Thedevice stack may provide vendor-supplied functionality configured tooperate with other storage architecture components when executing theinput/output activity. Example vendor-supplied components of the storagearchitecture may include a user mode provider 206 (e.g., unprivilegedcode) and/or a kernel mode driver 208 (e.g., privileged code) for one ormore storage device classes/types. Because such components are providedby storage device vendors/manufacturers, the storage architecture may bereferred to as a provider-based storage. It is appreciated that thevendors/manufacturers may supply additional components to the storagearchitecture, or that one or more of the components may come fromanother source. A storage infrastructure driver 210 may load one or moreof the example components to facilitate input/output on an activestorage device (e.g., a logical block device), which may comprise atleast a portion of the non-volatile memory 204.

The following discussion references example implementations of circledoperations labeled (1)-(6) as depicted in FIG. 2. In one exampleimplementation, performing these operations, as ordered by number, mayenable direct or indirect access to the non-volatile memory 204 from theuser mode provider 206. Some of these operations include input/output(I/O) requests for reading/writing data, input/output (I/O) requestcompletions, acknowledgments and/or the like. Corresponding to theoperation labeled (1), when the application 202 desires to perform datastorage/retrieval tasks, the storage infrastructure driver 210 receivesa request that indicates which a storage architecture component todiscover/load and how much of the non-volatile memory 204 to allocatefor application-related data. According to one example implementation,the storage architecture component may match a desired storage devicetype. The storage infrastructure driver 210 may respond by enumeratingkernel mode software programs (e.g., device drivers) in order todiscover the kernel mode driver 208 corresponding to the desired storagedevice type, as indicated by the operation labeled (2).

In one example implementation, during the operation labeled (2), thestorage infrastructure driver 210 may use the kernel mode driver 208 toload the user mode provider 206 if such component is not already loaded.According to the operation labeled (3), the kernel mode driver 208 mayinitialize the storage device based upon the request data and establishaccess to one or more regions of the non-volatile memory 204. Thestorage infrastructure driver 210 may communicate pass-throughinput/output requests, via the kernel mode driver 208, to the storagedevice. During the operation labeled (4), the kernel mode driver 208responds with input/output request completions indicatingsuccessful/unsuccessful completion of the pass-through input/outputrequests. The user mode provider 206 initiates another set ofinput/output requests through the kernel mode driver 208, correspondingto the operation labeled (5). Alternatively, in hardware-acceleratedembodiments, the user mode provider 206 may initiate such input/output(I/O) requests directly via I/O signaling whereby the kernel mode driver208 is skipped or substantially bypassed.

As described herein, the input/output activity conducted between thestorage device and the application 202 may include the communication ofblock-level and/or file-level input/output requests, for example, filesystem operations, such as asynchronous and/or synchronous file systemoperations. For some of these file system operations, the storage devicemay utilize interrupts (e.g., kernel signals) to denote completion.Instead of handling interrupts with possibly extraneous privilegedsoftware code (e.g., kernel mode storage drivers, operating systemcomponents and/or the like), which often results in high overhead costs,the provider-based storage architecture may utilize a differentcompletion notification mechanism, such as one based on polling. Pollinggenerally refers to a well-known completion notification mechanism inwhich the storage device responds to queries from storage architecturecomponents with current file system operation status information, asdescribed herein. The user mode provider 206 thus avoids such overheadcosts by minimizing/eliminating the execution of the privileged softwarecode mentioned above. The storage infrastructure driver 210 may beconfigured to load one or more storage device manufacturer-supplied usermode software programs, which can take advantage of vendor-implementeddevice features and further enhance input/output activity performance.

To illustrate an example of when the provider-based storage architectureresults in cost savings, assume a significant storage I/O load for theuser mode provider 206 in which certain functions (e.g., interfacefunctions, file system operations and/or the like) may be invokedfrequently. As part of their execution, these functions may query (e.g.,poll) the storage device for completions of previously invoked I/Oactivity, which may cause additional latency when the I/O activitycompletion rate drops (e.g., below a pre-defined threshold). In suchsituation, the user mode provider 206 may start using interrupts when apolling timeout expires. If, for example, one or more input/outputregisters indicate I/O activity completion to the application 202 andthe user mode provider 206 fails to signal acknowledgment after apre-defined timeout (e.g., one or more milliseconds), the storage devicemay be configured to respond with an interrupt. A device driver mayhandle the interrupt by instructing the user mode provider 206 to haltcurrent input/output activity. In one example implementation, the usermode provider 206 may modify the timeout to accommodate for a currentI/O load. It is appreciated that the example implementations describedherein may be adapted for lighter I/O loads.

In one or more embodiments, the user mode provider 206 and/or the kernelmode driver 208 may instantiate appropriate thread synchronizationobjects, such as I/O completion ports to regions within the non-volatilememory 204, in order to handle the asynchronous file system operations.These objects may be accessible by the device stack and used to indicatea status for each file system operation (e.g., completed, accepted,error, pending and/or the like). If these operations are accepted (e.g.,by the kernel mode driver 208 and/or the device stack), the user modeprovider 206 and/or the application 202 may commence another set of filesystem operations until the asynchronous file system operations arecompleted. Context switching, a computing process for storing and/orrestoring system/program state, allows the processor to later resumeexecution from a same entry point. The device stack responds withcompletion notifications, which cause the user mode provider 206 topause/interrupt the other set of file system operations and finishprocessing the asynchronous file system operations. Example embodimentsin which the application 202 may utilize asynchronous input/output mayinclude large processing jobs (e.g., batch jobs), database volumebackup, file system indexing, read ahead caching and/or the like. Theasynchronous file system operation completions may be reported usingconventional operating system components (e.g., overlapped structures,completion ports, interrupts and/or the like) or, alternatively, via apolling mechanism.

The provider-based storage architecture, including the storageinfrastructure driver 210, is configured to locate and load unprivilegedstorage architecture components. As an example, the user-mode provider206 may be an unprivileged storage architecture component configured tohandle file system and/or block-level operations on the regions. Afterthe storage infrastructure driver 210 loads and initializes theuser-mode provider 206, the storage infrastructure driver 210 enforcessecurity and/or access policies to ensure that the application 202 hassufficient rights to access/modify the regions without conflicting withother applications.

An example implementation of the provider-based storage architectureestablishes access to the non-volatile memory 204 in response to adiscovery request communicated by the application 202. Such a requestmay identify a specific storage architecture component or components forhandling the input/output activity initiated by the application 202. Theexample storage architecture component may be a privileged softwareprogram, such as the kernel mode driver 208, corresponding to anunprivileged software program that initiated the discovery request, suchas the user mode provider 206.

The discovery request may also define one or more regions to be mappedto the storage architecture component(s)—thereby allowing theapplication 202 to access stored data (e.g., via a file system). Inturn, the storage infrastructure driver 210 issues a request to discoverthe kernel mode driver 208, loads the user mode provider 206 and then,instructs one or more device drivers to initialize one or more regions.For example, the kernel mode driver 208 may use the device drivers tolocate/mount a file system on the requested regions, which may bepresented to the user mode provider 206 and/or the application 202. Thekernel mode provider 208 may invoke an initial set of input/outputactivity on the file system prior to being made accessible to the usermode provider 206.

The application 202 may request any combination of access modes, such asread/write access, shared/exclusive access and/or the like. The storageinfrastructure driver 210 may multiplex various requests and enforceaccess policies. Upon satisfying these policies, the storageinfrastructure driver 210 allocates one or more regions to the user-modeprovider 206. According to one example implementation, the user-modeprovider 206 may issue instructions directly to a device driver suppliedby the storage device manufacturer vendor). Alternatively, the user-modeprovider 206 may issue these instructions directly to the hardware usingany suitable data communication method(s). Once the application 202gains access to the region(s) of interest, the application 202 mayaccess stored data at a block (sector) granularity.

When the application 202 initiates the input/output requests, the usermode provider 206 transfers the input/output requests along a first pathto the kernel mode driver 208, as directed by one exampleimplementation. A second path transfers the input/output requests fromthe kernel mode driver 208 and corresponding regions in the non-volatilememory 204. The device stack may return input/output activity completionnotifications to the application 202 along the second path and the firstpath.

According to alternative implementations, the storage infrastructuredriver 210 may establish a direct input/output (I/O) path 212 betweenthe non-volatile memory 204 and the user mode provider 206 instead ofusing the kernel mode driver 208 to communicate the input/outputactivity. With little or no privileged software code to execute, theuser mode provider 206 may access the non-volatile memory 204 via aprocessor and perform data read(s)/write(s) without a user-mode databuffer. Hence, the direct input/output path 212 may communicably coupleone or more regions of the non-volatile memory 204 with correspondingregions of an address space 214 under the application 202 control.

The address space 214 generally refers to a collection of physicalmemory regions that may be allocated to one or more unprivilegedprograms, such as the application 202. According to one exampleimplementation, a portion of local memory, which may be known as amemory buffer or user (mode) buffer, may be addressed to correspond toregion locations within the non-volatile memory 204. Such a memorybuffer, for example, may include volatile memory and/or non-volatilememory. When the application 202 desires to write data to these regionlocations, the user mode provider 206 stores the data in the bufferuntil the stored data is committed to the non-volatile memory 204. Theuser mode provider 206 may instruct the kernel mode driver 208 to flushthe data from the buffer to one or more region locations in thenon-volatile memory 204.

In another example implementation of the address space 214, a virtualaddress space that represents a logical arrangement of disparatephysical memory regions in different locations, including a portion ofthe non-volatile memory 204. When the application 202 desires to modifya data block in the corresponding portions of the address space 214, theuser mode provider 206 maintains consistency with the non-volatilememory 204 by automatically writing the data block to a mapped region ofthe non-volatile memory 204.

The storage infrastructure driver 210 may register a contiguous segmentof volatile memory (e.g., RAM) to store the application-related data andperform an address translation for the user mode provider 206 and/or thekernel mode driver 208, rendering the contiguous segment to bebyte-addressable, according to one embodiment. The contiguous segmentmay be assigned to one or more regions within the non-volatile memory204 such that these regions also are byte-addressable. From theperspective of the user mode provider 206 and/or the application 202,individual random bytes within these regions may be (e.g., indirectly)accessible through the contiguous segment.

The storage infrastructure driver 210 may combine other regions of thenon-volatile memory 204 with the contiguous segment and form a virtualmemory such that the address space 214 encompasses the other regionsand/or the contiguous segment according to one example implementation.Because the user mode provider 206 is configured to perform block-levelinput/output on a compatible storage device, a data stream of bytes maybe transferred between the other regions and the contiguous segment.Optionally, the other regions may be maintained as persistent storageand/or for caching during an unprivileged software program's execution,such as the application 202.

The direct I/O path 212 depicted in FIG. 2 may represent a logical setof software code (e.g., processor-executable instructions) which, whenexecuted, transfers the input/output requests from the application 202to the storage device. According to one example implementation, thedirect I/O path 212 may refer to a local memory location that storesregion offset/size information for the non-volatile memory 204.Information indicating completions and/or errors associated with theexecution of the input/output requests may be returned to theapplication 202, via the direct I/O path 212, through a second localmemory location.

One possible hardware implementation may assign two or more sets ofmemory-mapped registers per virtual function. An example first set ofconfiguration registers may store region size and offset informationfrom a beginning of the non-volatile memory 204 (e.g., a first byte inan address space). The size and offset information may be pre-programmedand only accessible by kernel mode software programs, such as the kernelmode driver 208. An example second set of input/output registers may bemapped by the user-mode provider 206 into the address space 214. Thesecond set of input/output registers allows the user-mode provider 206to initiate the I/O activity and monitor completion of such activitywithout entering kernel mode. One alternative example implementation maymaintain a single virtual function as an alias for a physical functioncorresponding to an entire storage device, or a substantial portionthereof. When assigned to the application 202, the physical function mayprovide the application 202 with exclusive access to the entire storagedevice.

The direct I/O path 212 may be configured handle a substantial volume ofthe input/output activity and be referred to as an I/O-intensive path.The provider-based storage architecture improves storage bandwidth alongthe I/O-intensive path by reducing or eliminating overhead associatedwith non-provider based storage architectures (e.g., an operatingsystem-based software stack). The storage infrastructure driver 210 maybe configured to load one or more device manufacturer-supplied user modesoftware programs, which may include vendor-implemented device featuresthat facilitate further input/output optimization (e.g., reduction ofthe I/O-intensive path length).

Using the provider-based storage architecture, the application 202 maycreate, delete and/or access contiguous portions of the non-volatilememory 204 (e.g., data blocks). According to one example implementation,the user-mode provider 206 may expose an interface through which theapplication 202 accesses stored data in the non-volatile memory 204regions and initiates various functions for handling input/outputactivity. Some of these functions are described further below withrespect to FIG. 4. One example implementation may include an optimizedhardware interface configured to improve conventional I/O-based storagedevice performance. In one example implementation, the user modeprovider 206 exposes virtual functions for each region of thenon-volatile memory 204. Each virtual function, for example, may map toa contiguous portion of the non-volatile memory 204, such as a number ofdisk sectors or a number of bytes from a starting offset. As a securitystep, each virtual function may be initialized only in kernel-mode toprevent user-mode programs from accessing unauthorized regions of thenon-volatile memory 204.

FIG. 3 is a flow diagram illustrating example steps for establishingaccess to a storage device using unprivileged code according to oneexample implementation. One or more of the example steps may beperformed by a storage infrastructure mechanism (e.g., the storageinfrastructure mechanism 110 of FIG. 1 or the storage infrastructuredriver 210 of FIG. 2) within the storage architecture. The example stepscommence at step 302 and proceed to step 304 at which the storageinfrastructure mechanism processes request data (e.g., the request data114 of FIG. 1) and compares the request data with policy information(e.g., the policy information 112 of FIG. 1). Step 306 determineswhether to authorize access to the storage device for the application.Based upon the request data and the policy information, if theapplication violates one or more policies, step 306 proceeds to step 316and terminates. If the application satisfies the policy information,step 306 proceeds to step 308.

Step 308 is directed towards identifying a suitable storage device forreading/writing application-related data. As described herein, therequest data also may identify privileged and/or unprivileged storagearchitecture components for storing the application-related data in thesuitable storage device. The storage infrastructure mechanism also mayload a privileged storage architecture component for the provider-basedstorage architecture.

Step 310 represents mapping regions of the storage device to an addressspace. Prior to such mapping, the storage infrastructure mechanism maypartition the storage device and determine which regions may beallocated for unprivileged program use. As described herein, the regionsmay be directly addressable, via a processor, into a virtual addressspace associated with the application. In addition to conventional“device read( )/write( )” access semantics, the interface may beconfigured to handle non-volatile storage devices that may be directlyaddressable by the processor. The interface, as an example, may managethese storage devices using “memory map( )/unmap( )” access semantics.Because the regions are mapped to an address space and accessible viathe processor, the provider-based storage architecture does not allocatethe user-mode data buffer to store a temporary copy of theapplication-related data.

As an example implementation, the unprivileged storage architecturecomponent may perform direct virtual address mapping to a storage/codepage or a memory buffer page. Such a change enables automatic mapping ofnon-volatile memory regions into user-mode, virtual address space,thereby enabling near zero-cost access to the stored data on thenon-volatile memory regions. The unprivileged component also may assigna lifetime to each of the mappings. With respect to exampleimplementations involving (e.g., traditional) magnetic storage devices,the unprivileged storage architecture component may continue to allocatea standard memory page for data buffering as part of execution of the“map( )” function.

Step 312 is directed to configuring at least one input/output pathbetween an unprivileged storage architecture component and the storagedevice. The at least one input/output path may represent a logicalconnection between user mode address space and regions in the storagedevice. One example implementation may utilize hardware-acceleratedsignaling to communicate the input/output activity to the storagedevice. Step 314 determines whether to authorize generation of aninterface through which the input/output activity is communicated to thestorage device. In one example implementation where the storage deviceis directly accessible via a processor, the interface may be appropriatefor handling the input/output activity. If the storage infrastructuremechanism decides to generate the interface, step 314 proceeds to theexample steps illustrated by FIG. 4. If the storage infrastructuremechanism decides that the interface is inappropriate, step 314 proceedsto step 316 where the example steps depicted in FIG. 3 terminate.

FIG. 4 is a flow diagram illustrating example steps for performinginput/output activity on behalf of an application according to oneexample implementation. One or more of the example steps may beperformed by an unprivileged component (e.g., the user mode provider 206of FIG. 2) and/or a privileged component (e.g., the kernel mode driver208 of FIG. 2) within provider-based storage architecture. The examplesteps commence at step 402 and proceed to step 404 at which theunprivileged storage architecture component generates an interface andprocesses an interface function selection by an application. One exampleimplementation of the interface may be compatible with existing storagedevices and/or future storage device classes. With respect tohardware-accelerated storage devices, stored application-related datamay be accessible via a processor instead of through a user mode databuffer.

If the interface function selection indicates the “Map( )” function,step 404 proceeds to step 406 where the unprivileged storagearchitecture component maps previously allocated portions of the storagedevice to the application virtual address space. With respect to storagedevices that are not directly addressable via the processor, theprovider-based storage architecture may provide unprivileged buffering(e.g., DRAM buffering). Valid application-related data, for example, maybe transferred from the storage device to virtual address regions in auser mode memory buffer.

If the interface function selection indicates the “Flush( )” function,step 404 proceeds to step 408 where the unprivileged storagearchitecture component initiates write operations of cached data (e.g.,in DRAM and/or processor caches) to the storage device. If the interfacefunction selection indicates the “UnMap( )” function, step 404 proceedsto step 410 where the unprivileged storage architecture componentperforms a full write back of cached data (in DRAM and/or processorcaches) and unmaps the region from the application virtual addressspace.

If the interface function selection refers to the “Trim( )” function,step 404 proceeds to step 412 where the unprivileged storagearchitecture component notifies the storage device that a specificportion (e.g., of a storage region) may be deallocated. The unprivilegedstorage architecture component, for instance, may not need the specificportion for future input/output. As a result, the specific portion is nolonger assigned to the unprivileged storage architecture component.Contents of the specified portion may be invalidated and/or re-allocatedfor storing other data.

Step 414 determines whether the selected interface function iscompleted. If the storage device finished executing the selectedinterface function, the storage device may return a completionnotification in the form of a signal, such as an interrupt, or anothersuitable response format. It is appreciated that other mechanisms,including ownership instructions, locks, timers, waits/signals, accesscontrol attributes, data streams and/or the like, may be used as notifythe storage architecture of a completion. If the storage device did notexecute until completion, step 414 proceeds to step 416 at which theunprivileged component may receive error indicia associated with thepartial execution. If no such error data is received, the unprivilegedcomponent may poll the storage device for status information indicatingcurrent progress as to the interface function. If no status informationis received after a pre-defined timeout, the unprivileged componentproceeds to step 418.

Step 418 refers to acknowledging the completion notification. Forinstance, via the interface, the unprivileged component may provide thestorage device with data confirming receipt of poll data. In oneimplementation, if the completion notification remains unacknowledged,the storage device, which may include a kernel mode driver, may overridea present completion notification mechanism and communicate an interruptto pause any current input/output activity. Step 420 terminates theexample steps depicted in FIG. 4.

Example Networked and Distributed Environments

One of ordinary skill in the art can appreciate that the variousembodiments and methods described herein can be implemented inconnection with any computer or other client or server device, which canbe deployed as part of a computer network or in a distributed computingenvironment, and can be connected to any kind of data store or stores.In this regard, the various embodiments described herein can beimplemented in any computer system or environment having any number ofmemory or storage units, and any number of applications and processesoccurring across any number of storage units. This includes, but is notlimited to, an environment with server computers and client computersdeployed in a network environment or a distributed computingenvironment, having remote or local storage.

Distributed computing provides sharing of computer resources andservices by communicative exchange among computing devices and systems.These resources and services include the exchange of information, cachestorage and disk storage for objects, such as files. These resources andservices also include the sharing of processing power across multipleprocessing units for load balancing, expansion of resources,specialization of processing, and the like. Distributed computing takesadvantage of network connectivity, allowing clients to leverage theircollective power to benefit the entire enterprise. In this regard, avariety of devices may have applications, objects or resources that mayparticipate in the resource management mechanisms as described forvarious embodiments of the subject disclosure.

FIG. 5 provides a schematic diagram of an example networked ordistributed computing environment. The distributed computing environmentcomprises computing objects 510, 512, etc., and computing objects ordevices 520, 522, 524, 526, 528, etc., which may include programs,methods, data stores, programmable logic, etc. as represented by exampleapplications 530, 532, 534, 536, 538. It can be appreciated thatcomputing objects 510, 512, etc. and computing objects or devices 520,522, 524, 526, 528, etc. may comprise different devices, such aspersonal digital assistants (PDAs), audio/video devices, mobile phones,MP3 players, personal computers, laptops, etc.

Each computing object 510, 512, etc. and computing objects or devices520, 522, 524, 526, 528, etc. can communicate with one or more othercomputing objects 510, 512, etc. and computing objects or devices 520,522, 524, 526, 528, etc. by way of the communications network 540,either directly or indirectly. Even though illustrated as a singleelement in FIG. 5, communications network 540 may comprise othercomputing objects and computing devices that provide services to thesystem of FIG. 5, and/or may represent multiple interconnected networks,which are not shown. Each computing object 510, 512, etc. or computingobject or device 520, 522, 524, 526, 528, etc. can also contain anapplication, such as applications 530, 532, 534, 536, 538, that mightmake use of an API, or other object, software, firmware and/or hardware,suitable for communication with or implementation of the applicationprovided in accordance with various embodiments of the subjectdisclosure.

There are a variety of systems, components, and network configurationsthat support distributed computing environments. For example, computingsystems can be connected together by wired or wireless systems, by localnetworks or widely distributed networks. Currently, many networks arecoupled to the Internet, which provides an infrastructure for widelydistributed computing and encompasses many different networks, thoughany network infrastructure can be used for example communications madeincident to the systems as described in various embodiments.

Thus, a host of network topologies and network infrastructures, such asclient/server, peer-to-peer, or hybrid architectures, can be utilized.The “client” is a member of a class or group that uses the services ofanother class or group to which it is not related. A client can be aprocess, e.g., roughly a set of instructions or tasks, that requests aservice provided by another program or process. The client processutilizes the requested service without having to “know” any workingdetails about the other program or the service itself.

In a client/server architecture, particularly a networked system, aclient is usually a computer that accesses shared network resourcesprovided by another computer, e.g., a server. In the illustration ofFIG. 5, as a non-limiting example, computing objects or devices 520,522, 524, 526, 528, etc. can be thought of as clients and computingobjects 510, 512, etc. can be thought of as servers where computingobjects 510, 512, etc., acting as servers provide data services, such asreceiving data from client computing objects or devices 520, 522, 524,526, 528, etc., storing of data, processing of data, transmitting datato client computing objects or devices 520, 522, 524, 526, 528, etc.,although any computer can be considered a client, a server, or both,depending on the circumstances.

A server is typically a remote computer system accessible over a remoteor local network, such as the Internet or wireless networkinfrastructures. The client process may be active in a first computersystem, and the server process may be active in a second computersystem, communicating with one another over a communications medium,thus providing distributed functionality and allowing multiple clientsto take advantage of the information-gathering capabilities of theserver.

In a network environment in which the communications network 540 or busis the Internet, for example, the computing objects 510, 512, etc. canbe Web servers with which other computing objects or devices 520, 522,524, 526, 528, etc. communicate via any of a number of known protocols,such as the hypertext transfer protocol (HTTP). Computing objects 510,512, etc. acting as servers may also serve as clients, e.g., computingobjects or devices 520, 522, 524, 526, 528, etc., as may becharacteristic of a distributed computing environment.

Example Computing Device

As mentioned, advantageously, the techniques described herein can beapplied to any device. It can be understood, therefore, that handheld,portable and other computing devices and computing objects of all kindsare contemplated for use in connection with the various embodiments.Accordingly, the below general purpose remote computer described belowin FIG. 6 is but one example of a computing device.

Embodiments can partly be implemented via an operating system, for useby a developer of services for a device or object, and/or includedwithin application software that operates to perform one or morefunctional aspects of the various embodiments described herein. Softwaremay be described in the general context of computer executableinstructions, such as program modules, being executed by one or morecomputers, such as client workstations, servers or other devices. Thoseskilled in the art will appreciate that computer systems have a varietyof configurations and protocols that can be used to communicate data,and thus, no particular configuration or protocol is consideredlimiting.

FIG. 6 thus illustrates an example of a suitable computing systemenvironment 600 in which one or more aspects of the embodimentsdescribed herein can be implemented, although as made clear above, thecomputing system environment 600 is only one example of a suitablecomputing environment and is not intended to suggest any limitation asto scope of use or functionality. In addition, the computing systemenvironment 600 is not intended to be interpreted as having anydependency relating to any one or combination of components illustratedin the example computing system environment 600.

With reference to FIG. 6, an example remote device for implementing oneor more embodiments includes a general purpose computing device in theform of a computer 610. Components of computer 610 may include, but arenot limited to, a processing unit 620, a system memory 630, and a systembus 622 that couples various system components including the systemmemory to the processing unit 620.

Computer 610 typically includes a variety of computer readable media andcan be any available media that can be accessed by computer 610. Thesystem memory 630 may include computer storage media in the form ofvolatile and/or nonvolatile memory such as read only memory (ROM) and/orrandom access memory (RAM). By way of example, and not limitation,system memory 630 may also include an operating system, applicationprograms, other program modules, and program data.

A user can enter commands and information into the computer 610 throughinput devices 640. A monitor or other type of display device is alsoconnected to the system bus 622 via an interface, such as outputinterface 650. In addition to a monitor, computers can also includeother peripheral output devices such as speakers and a printer, whichmay be connected through output interface 650.

The computer 610 may operate in a networked or distributed environmentusing logical connections to one or more other remote computers, such asremote computer 670. The remote computer 670 may be a personal computer,a server, a router, a network PC, a peer device or other common networknode, or any other remote media consumption or transmission device, andmay include any or all of the elements described above relative to thecomputer 610. The logical connections depicted in FIG. 6 include anetwork 672, such local area network (LAN) or a wide area network (WAN),but may also include other networks/buses. Such networking environmentsare commonplace in homes, offices, enterprise-wide computer networks,intranets and the Internet.

As mentioned above, while example embodiments have been described inconnection with various computing devices and network architectures, theunderlying concepts may be applied to any network system and anycomputing device or system in which it is desirable to improveefficiency of resource usage.

Also, there are multiple ways to implement the same or similarfunctionality, e.g., an appropriate API, tool kit, driver code,operating system, control, standalone or downloadable software object,etc. which enables applications and services to take advantage of thetechniques provided herein. Thus, embodiments herein are contemplatedfrom the standpoint of an API (or other software object), as well asfrom a software or hardware object that implements one or moreembodiments as described herein. Thus, various embodiments describedherein can have aspects that are wholly in hardware, partly in hardwareand partly in software, as well as in software.

The word “exemplary” is used herein to mean serving as an example,instance, or illustration. For the avoidance of doubt, the subjectmatter disclosed herein is not limited by such examples. In addition,any aspect or design described herein as “exemplary” is not necessarilyto be construed as preferred or advantageous over other aspects ordesigns, nor is it meant to preclude equivalent exemplary structures andtechniques known to those of ordinary skill in the art. Furthermore, tothe extent that the terms “includes,” “has,” “contains,” and othersimilar words are used, for the avoidance of doubt, such terms areintended to be inclusive in a manner similar to the term “comprising” asan open transition word without precluding any additional or otherelements when employed in a claim.

As mentioned, the various techniques described herein may be implementedin connection with hardware or software or, where appropriate, with acombination of both. As used herein, the terms “component,” “module,”“system” and the like are likewise intended to refer to acomputer-related entity, either hardware, a combination of hardware andsoftware, software, or software in execution. For example, a componentmay be, but is not limited to being, a process running on a processor, aprocessor, an object, an executable, a thread of execution, a program,and/or a computer. By way of illustration, both an application runningon computer and the computer can be a component. One or more componentsmay reside within a process and/or thread of execution and a componentmay be localized on one computer and/or distributed between two or morecomputers.

The aforementioned systems have been described with respect tointeraction between several components. It can be appreciated that suchsystems and components can include those components or specifiedsub-components, some of the specified components or sub-components,and/or additional components, and according to various permutations andcombinations of the foregoing. Sub-components can also be implemented ascomponents communicatively coupled to other components rather thanincluded within parent components (hierarchical). Additionally, it canbe noted that one or more components may be combined into a singlecomponent providing aggregate functionality or divided into severalseparate sub-components, and that any one or more middle layers, such asa management layer, may be provided to communicatively couple to suchsub-components in order to provide integrated functionality. Anycomponents described herein may also interact with one or more othercomponents not specifically described herein but generally known bythose of skill in the art.

In view of the example systems described herein, methodologies that maybe implemented in accordance with the described subject matter can alsobe appreciated with reference to the flowcharts of the various figures.While for purposes of simplicity of explanation, the methodologies areshown and described as a series of blocks, it is to be understood andappreciated that the various embodiments are not limited by the order ofthe blocks, as some blocks may occur in different orders and/orconcurrently with other blocks from what is depicted and describedherein. Where non-sequential, or branched, flow is illustrated viaflowchart, it can be appreciated that various other branches, flowpaths, and orders of the blocks, may be implemented which achieve thesame or a similar result. Moreover, some illustrated blocks are optionalin implementing the methodologies described hereinafter.

CONCLUSION

While the invention is susceptible to various modifications andalternative constructions, certain illustrated embodiments thereof areshown in the drawings and have been described above in detail. It shouldbe understood, however, that there is no intention to limit theinvention to the specific forms disclosed, but on the contrary, theintention is to cover all modifications, alternative constructions, andequivalents falling within the spirit and scope of the invention.

In addition to the various embodiments described herein, it is to beunderstood that other similar embodiments can be used or modificationsand additions can be made to the described embodiment(s) for performingthe same or equivalent function of the corresponding embodiment(s)without deviating therefrom. Still further, multiple processing chips ormultiple devices can share the performance of one or more functionsdescribed herein, and similarly, storage can be effected across aplurality of devices. Accordingly, the invention is not to be limited toany single embodiment, but rather is to be construed in breadth, spiritand scope in accordance with the appended claims.

What is claimed is:
 1. In a computing environment, a method performed atleast in part on at least one processor, comprising, establishing accessto a storage device using an unprivileged storage architecturecomponent, including, processing request data for initiatinginput/output activity associated with the storage device, the requestdata corresponding to at least one portion of the storage device, andconfiguring at least one path for the input/output activity between theat least one portion of the storage device and the unprivileged storagearchitecture component.
 2. The method of claim 1, wherein configuringthe at least one path further comprises comparing the request data withpolicy information and if the request data satisfies the policyinformation, mapping the at least one portion of the storage device toan address space corresponding to the unprivileged storage architecturecomponent.
 3. The method of claim 2, wherein comparing the request datawith the policy information further comprises in response to the requestdata, verifying an application requesting discovery of the unprivilegedstorage architecture component.
 4. The method of claim 1, whereinconfiguring the at least one path further comprises establishing a firstpath between the unprivileged storage architecture component and aprivileged storage architecture component associated with the storagedevice, establishing a second path between the privileged storagearchitecture component and the at least one portion of the storagedevice and coupling the first path and the second path to form the atleast one path for the input/output activity conducted between thestorage device and the unprivileged storage architecture component. 5.The method of claim 1, wherein configuring the at least one path furthercomprises loading a privileged storage architecture component associatedwith the storage device, the privileged storage architecture componentinitiates file system operations on an unprivileged virtual addressspace representing the at least one portion of the storage device. 6.The method of claim 1, wherein configuring the at least one path furthercomprises authorizing generation of an interface for directly accessingthe storage device via a processor.
 7. The method of claim 1, whereinconfiguring the at least one path further comprises generating at leastone virtual function corresponding to the unprivileged storagearchitecture component in which each virtual function corresponds to aregion of the storage device.
 8. The method of claim 1, whereinconfiguring the at least one path further comprises establishing a pathbetween at least one allocated region of the storage device and a usermode memory buffer.
 9. The method of claim 8, wherein establishing thepath further comprises flushing the user mode memory buffer to thestorage device.
 10. In a computing environment, a system comprising, atleast one processor, a memory communicatively coupled to the at leastone processor and including components comprising, a storageinfrastructure mechanism configured to load at least one unprivilegedcomponent of a provider-based storage architecture that is configured toexecute input/output requests on a storage device, the storageinfrastructure mechanism is further configured to map regions of thestorage device to an address space representing at least a portion ofapplication-related data, the at least one component is furtherconfigured to handle input/output activity corresponding to theapplication-related data.
 11. The system of claim 10, wherein the atleast one component is further configured to perform the input/outputactivity with the storage device and maintain consistency between theregions of the storage device and the corresponding regions of the usermode application-related data.
 12. The system of claim 10, wherein theinput/output activity comprises at least one of asynchronous file systemoperations, synchronous file system operations or block-leveloperations.
 13. The system of claim 10, wherein the at least onecomponent is further configured to present an interface through which anapplication initiates the input/output requests and the storage devicereturns the input/output completion notifications.
 14. The system ofclaim 10, wherein the at least one component is further configured toselect a completion notification mechanism based on a rate associatedwith the input/output activity.
 15. The system of claim 10, wherein theat least one component is further configured to directly communicateinput/output requests to mapped regions of the storage device based uponcorresponding regions of a unprivileged virtual address space.
 16. Thesystem of claim 15, wherein the at least one component is furtherconfigured to store application-related data, corresponding to theunprivileged virtual address space, into the regions of the storagedevice.
 17. The system of claim 10, wherein the at least one componentcomprises a user mode provider configured to poll the storage device forcompletion notifications.
 18. The system of claim 17, wherein the atleast one component comprises a kernel mode driver configured to processan interrupt in response to unacknowledged completion notifications. 19.One or more computer-readable media having computer-executableinstructions stored thereon, which in response to execution by acomputer, cause the computer to perform steps comprising: allocatingregions of a hardware-accelerated storage device for input/outputactivity; addressing the regions to correspond to user modeapplication-related data; and coupling the regions with a user modeprovider configured to handle the input/output activity.
 20. The one ormore computer-readable media of claim 19 having furthercomputer-executable instructions, which in response to execution by thecomputer, cause the computer to perform further steps comprising:communicating input/output requests, via a processor, to thehardware-accelerated storage device, wherein the input/output requestsare directed to one or more of the regions; and establishing acompletion notification mechanism for returning information related tothe input/output requests.